Checkmarx SCA Release Notes April 2023
Notice
These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.
Warning
We are in the process of rolling out a new comprehensive Management of Risks service which will replace the current service. The current APIs IgnoreVulnerability and UnignoreVulnerability will soon be deprecated. Please plan accordingly. For more info, feel free to contact your Technical Account Manager.
Global Inventory and Risks
We have revamped the system used for gathering data for the Global Inventory and Risks screen. We now use a dedicated service to process the data. This will greatly improve the performance of this feature, improving pagination, searchability and responsiveness.
The new service retains data for only one and a half years, so that packages and risks that haven't been detected by any recent scans aren't shown on this screen.
Notice
The data shown in Scan Results for specific projects is retained for a longer period of time.
Support for Unity Package Manager
We added support for Unity package manager.
Languages/Frameworks: Unity
Repository: Unity Technologies, Needle-mirror, Open UPM
File Types: none
Supported Package Managers | Exploitable Path | Supply Chain Security (SCS) | Manifest Files (Packages marked with are required)
none | manifest.json, packages.json
File Extraction
We now extract .jar compressed files, and scan the extracted files (in addition to existing support for .war, .ear and .zip). We have also increased the recursive extraction to 4 levels of depth.
SCA Resolver Releases
We released the following new versions of SCA Resolver:
Notice
The complete changelog and links to download SCA Resolver are available here.
Version 2.1.5
Added support for Unity package manager. For more information, see Unity Package Manager Dependency Resolver.
For Bower, fixed an issue where dependency resolution failed when the latest version ("*") was specified.
For Ivy, fixed an issue where unused versions were resolved even though a newer version had been specified in the manifest file.
ImageResolver updated to version 2.0.43.
Version 2.1.2
Added support for authentication via Master Access Control. For more information, see Master Access Control Authentication for Checkmarx SCA Resolver.
For Sbt, fixed a stack overflow that occurred when building the dependency tree.
For Gradle, when a submodule is duplicated in a project we now resolve the package only once.
ImageResolver was updated to version 2.0.41.